CVE-2025-66675
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-16
Assigner: Apache Software Foundation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | struts | From 2.0.0 (inc) to 2.3.37 (inc) |
| apache | struts | From 2.5.0 (inc) to 2.5.33 (inc) |
| apache | struts | From 6.0.0 (inc) to 6.8.0 (exc) |
| apache | struts | From 7.0.0 (inc) to 7.1.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-459 | The product does not properly "clean up" and remove temporary or supporting resources after they have been used. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Denial of Service (DoS) issue in Apache Struts where a file leak occurs during multipart request processing, which leads to disk exhaustion.
How can this vulnerability impact me?
The vulnerability can cause denial of service by exhausting disk space, potentially making the affected Apache Struts server unavailable or unstable.
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache Struts to version 6.8.0 or 7.1.1, which fixes the issue.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific commands or detailed detection methods for identifying this vulnerability on a network or system. However, general detection could involve monitoring for abnormal disk usage or exhaustion related to multipart file uploads in Apache Struts. Additionally, reviewing the Apache Struts version in use to check if it falls within the affected versions (2.0.0 through 2.3.37, 2.5.0 through 2.5.33, 6.0.0 through 6.7.4, and 7.0.0 through 7.0.3) can help identify vulnerable systems. For precise detection commands or tools, further information beyond the provided resources would be necessary. [1]
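As an added illustration (not part of the BaseFortify record or of Apache Struts), a Python check that maps Struts core jar file names to the affected version ranges from the table above, honouring the inclusive/exclusive bounds. The jar paths are constructed, and the `struts2-core-<version>.jar` naming pattern is an assumption about how the artifact appears on disk.

```python
"""Triage Struts core jars against the affected ranges listed for CVE-2025-66675."""
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges copied from the page's table: (lower, lower_inclusive, upper, upper_inclusive)
AFFECTED_RANGES = [
    ("2.0.0", True, "2.3.37", True),
    ("2.5.0", True, "2.5.33", True),
    ("6.0.0", True, "6.8.0", False),
    ("7.0.0", True, "7.1.1", False),
]

# Assumed jar naming convention, e.g. struts2-core-6.7.4.jar (optional qualifier tolerated).
JAR_RE = re.compile(r"struts2?-core-(\d+(?:\.\d+)+)(?:-[A-Za-z0-9]+)?\.jar$")


def parse_version(text: str) -> Version:
    """Turn '6.7.4' into (6, 7, 4); shorter strings are zero-padded to three parts."""
    parts = [int(p) for p in text.strip().split(".")][:3]
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True if the version falls inside any affected range (bounds respected)."""
    v = parse_version(version)
    for lo, lo_inc, hi, hi_inc in AFFECTED_RANGES:
        lo_v, hi_v = parse_version(lo), parse_version(hi)
        above_lo = v >= lo_v if lo_inc else v > lo_v
        below_hi = v <= hi_v if hi_inc else v < hi_v
        if above_lo and below_hi:
            return True
    return False


def version_from_jar(filename: str) -> Optional[str]:
    """Extract the version string from a Struts core jar name, or None if not one."""
    m = JAR_RE.search(filename)
    return m.group(1) if m else None


def triage_jars(filenames: Iterable[str]) -> Dict[str, bool]:
    """Map each Struts core jar path to whether its version is in an affected range."""
    return {n: is_affected(v) for n in filenames if (v := version_from_jar(n)) is not None}


# Constructed sample inventory; not taken from any real system.
SAMPLE_JARS = [
    "/opt/app/WEB-INF/lib/struts2-core-2.5.33.jar",   # affected (upper bound inclusive)
    "/opt/app/WEB-INF/lib/struts2-core-6.7.4.jar",    # affected
    "/opt/app/WEB-INF/lib/struts2-core-6.8.0.jar",    # fixed (upper bound exclusive)
    "/opt/app/WEB-INF/lib/struts2-core-7.1.1.jar",    # fixed (upper bound exclusive)
    "/opt/app/WEB-INF/lib/commons-io-2.16.1.jar",     # ignored, not a Struts core jar
]

if __name__ == "__main__":
    for jar, affected in triage_jars(SAMPLE_JARS).items():
        print(f"{'AFFECTED' if affected else 'ok      '} {jar}")
```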